The #1 business risk is cybersecurity - How do you manage cyber projects?

April 2023

Jennifer Duignan
Principal, PMO Managed Services, PwC US

In our PwC Pulse Survey, cybersecurity is the “No. 1 business risk, with 40% of all respondents listing more frequent and/or broader cyber attacks as a serious risk (and another 38% calling it a moderate risk).”

Today, there are many threats faced by business leaders. In the last three years, we have lived through a global pandemic, supply chain issues, inflation, economic uncertainty and international conflict. Yet business leaders are still saying that cybersecurity is their primary risk. Today’s threat landscape is filled with risk vectors that business executives are challenged to navigate. Why is cybersecurity risk so different?

Control. For the average business leader, cybersecurity risk is an unknown that they often struggle to fully understand and effectively mitigate to protect their business. Leaders are reliant on Chief Information Security Officers (CISOs) and cybersecurity staff to help implement the safeguards that are supposed to shield their businesses from devastating effects. They’ve also seen “how the sausage is made,” which has left them with some doubt as to how well they are protected. The technology behind cybersecurity can be intimidating and hard to fully understand. It is a modern cat-and-mouse game between hackers and defenders, and CISOs need the utmost support from their business leaders and strong project managers who can accomplish strategic initiatives.

First, to the CISO, cybersecurity leader and Chief Risk Officer, we know that managing projects on top of the day-to-day security operations is an incredible balancing act. In fact, fewer than half (45%) of the respondents in the Harvard Business Review Analytic Services survey “strongly agreed” that they had a formalized process to evaluate cyber risks in line with business priorities.

Second, to the business leaders, know that your CISOs are up at night worrying about things even scarier than you can imagine. That said, they are doing everything they can to secure your network, data and systems, despite being constrained by time, budget and the ability to control your people’s desire to click on suspicious links. Cybersecurity protection is a team effort requiring awareness, engagement, diligence and constant investment in the right tools to help combat evolving threats. So, how do businesses make better investment decisions? This is not easy. In fact, fewer than half (45%) were very confident that their cyber spend is allocated to the most significant risks, according to PwC’s Global Digital Trust Insights 2021 survey.

What can executives do?

Here are three action items to help bring your cybersecurity initiative to successful completion:

  1. Assess your Project Management Office’s (PMO) readiness to support cyber requirements - Does it meet your needs? Instead of splitting your team’s time between operations and strategic initiatives, create or hire a team to help manage it for you. Depending on the number of projects you have, as well as their budget, scope and schedules, you might be able to do this internally. If you don’t have the staff or time, and you want to potentially transfer some of the risk of running it yourself, you could utilize a managed services team like PwC’s Strategic PMO Managed Services and Cyber Managed Services. If you have a PMO, consider getting a PMO assessment to understand how you can improve it.
  2. Have a vision of what your project can accomplish - In cybersecurity, we sometimes tend to go with the solution that addresses the most risks in one fell swoop, but that can create challenges to project completion because it is just too big and has too many moving pieces. Keep in mind that bigger is sometimes not better; to truly complete a project, you have to understand what you’re trying to accomplish.
  3. Keep your stakeholders in mind - Cybersecurity is a team effort. Your new and improved PMO can be the strategic relationship that helps you conduct a simple stakeholder analysis to assess who is on board with your project, who might be opposed to it, and why. Knowing why someone supports your efforts can allow you to tailor messaging and help identify risks to your project. You can also potentially identify individuals and groups that can serve as advocates or even “change champions” for your cause.

For further insights on project management within the CISO’s sphere of responsibilities or your enterprise, consider looking into PwC’s Managed Services.
